IN THE UNITED STATES DISTRICT COURT 
FOR THE NORTHERN DISTRICT OF GEORGIA 
ATLANTA DIVISION 


DONNA CURLING, ET AL., 
Plaintiffs, 
DECLARATION OF 
v. J. ALEX HALDERMAN 
BRAD RAFFENSPERGER, ET AL., 
Defendants. Civil Action No. 1:17-CV-2989-AT 


Pursuant to 28 U.S.C. § 1746, J. ALEX HALDERMAN declares under 
penalty of perjury that the following is true and correct: 

1. hereby incorporate my previous declarations as if fully stated herein. I 
have personal knowledge of the facts in this declaration and, if called to testify as a 
witness, I would testify under oath to these facts. 

2. Ihave reviewed the expert disclosures prepared by Dr. Juan Gilbert and 
Dr. Benjamin Adida for State Defendants. Neither Dr. Gilbert not Dr. Adida offers 
any rebuttal to the numerous, critical vulnerabilities in Georgia’s BMDs that I 
described in my July 1, 2021 expert report. Dr. Adida did not respond to my report 
at all; State Defendants reissued prior declarations from him previously provided in 


this litigation. Neither of them disputes the presence of any of the serious 


vulnerabilities I detail in my report or the steps I describe for exploiting those 
vulnerabilities to alter individual votes and election outcomes in Georgia. Nor does 
either of them claim to have examined any of the voting equipment used in Georgia 
to evaluate whether the vulnerabilities I identified—or others—have been exploited 
in any past election. Although each of them presumably could do this with the 
permission of State Defendants, who I understand engaged them as experts in this 
case, there is no indication either has undertaken any such inquiry or asked to do so. 
As a result, neither Dr. Gilbert nor Dr. Adida has anything to say about the reliability 
of the voting equipment used in Georgia elections. This is surprising, given that they 
have had at least the last year to examine Georgia’s voting equipment. 

3. State Defendants urgently need to engage with the findings in my report 
and address the vulnerabilities it describes before attackers exploit them. Nothing in 
Dr. Gilbert’s or Dr. Adida’s responses indicates that State Defendants understand 
the seriousness of these problems or have taken any measures to address them and 
their implications for the Plaintiffs’ individual votes in future elections. Established 
practice in the security field would require State Defendants to promptly subject 
Georgia’s voting system to rigorous testing in response to my report, to assess the 
extent and significance of each of the vulnerabilities I described, and to identify and 


promptly implement specific measures (where possible) to eliminate or mitigate each 


of those vulnerabilities. Neither Dr. Gilbert nor Dr. Adida indicates any such efforts 
on their own part or on the part of State Defendants or anyone else. Again, Dr. Adida 
did not respond to my report. 

4. In my report—a 25,000-word document that is the product of twelve 
weeks of intensive testing of the Dominion equipment provided by Fulton County— 
I find that Georgia’s BMDs contains multiple severe security flaws. Attackers could 
exploit these flaws to install malicious software, either with temporary physical 
access (such as that of voters in the polling place) or remotely from election 
management systems. I explain in detail how such malware, once installed, could 
alter voters’ votes while subverting all the procedural protections practiced by the 
State, including acceptance testing, hash validation, logic and accuracy testing, 
external firmware validation, and risk-limiting audits (RLAs). Finally, I describe 
working proof-of-concept malware that I am prepared to demonstrate in court. 

5. My report concludes, inter alia, that Georgia’s BMDs are not 
sufficiently secured against technical compromise to withstand vote-altering attacks 
by bad actors who are likely to target future elections in the state; that the BMDs’ 
vulnerabilities compromise the auditability of Georgia’s paper ballots; that the 
BMDs can be compromised to the same extent as or more easily than the DREs they 


replaced; and that using these vulnerable BMDs for all in-person voters, as Georgia 


does, greatly magnifies the level of security risk compared to using hand-marked 


paper ballots and providing BMDs to voters who need or request them. 


Reply to Declaration of Dr. Juan Gilbert 


6. Rather than engage with the facts in my report, Dr. Gilbert responds 
largely with vague generalities. He gives no indication that he has ever used an ICX 
BMD, let alone tested its security. He begins by conceding that “any computer can 
be hacked,” but he contends that “this general statement is largely irrelevant,” 
because hand-marked paper ballot systems use computers too (to scan the ballots) 
(§ 6). His position is inconsistent with accepted standards for election security and 
with the facts of the particular voting system used in Georgia. 

7. My testing has shown that the BMDs used in Georgia suffer from 
specific, highly exploitable vulnerabilities that allow attackers to change votes 
despite the State’s purported defenses. There is no evidence that Georgia’s ballot 
scanners suffer from the same extraordinary degree of exploitability, nor does 
Dr. Gilbert contend they do. He ignores the relative ease with which Georgia’s 
BMDs can be hacked, including by a voter in a voting booth in mere minutes. That 
extreme difference in security as compared to other voting technologies, particularly 


hand-marked paper ballots, is far from “irrelevant” as Dr. Gilbert implies. 


8. Furthermore, even if the scanners were just as insecure as the BMDs, 
Georgia’s practice of requiring essentially all in-person voters to use highly 
vulnerable BMDs would needlessly give attackers double the opportunity to change 
the personal votes of individual Georgia voters, since malware could strike either 
the BMDs or the scanners. Accepted standards in election security compel reducing 
points of attack for bad actors, not unnecessarily expanding them—a point 
Dr. Gilbert ignores. 

9. Lastly, Dr. Gilbert also ignores that accepted election security protocols 
include an effective measure to protect against hacks of ballot scanners when the 
ballots are hand-marked rather than generated by BMDs—namely, reliable risk- 
limiting audits (RLAs), which would have a high probability of detecting any 
outcome-changing attack on the scanners. Not only do Georgia’s BMDs defeat the 
efficacy of RLAs, but Dr. Gilbert continues to ignore the fact that Georgia requires 
an RLA of just one statewide contest every two years (and, to my knowledge, has 
not adopted specific, adequate procedures to ensure a reliable RLA for that one audit 
every other year). 

10. Dr. Gilbert goes on to discuss issues related to voter verification of 
BMD ballots (which I respond to below). Yet he fails to address the potential for 


attackers to cheat by changing only the QR codes printed by Georgia’s BMDs. 


Voters cannot read the QR codes, but they are the only part of the ballots that the 
scanners count. My report details several routes by which malicious hardware or 
software can manipulate the QR codes and cause the recorded votes to differ from 
voters’ selections. In principle, a rigorous risk-limiting audit would be likely to 
detect such an attack if the attacker changed enough votes to alter the outcome of 
the contest being audited, but again Georgia rules require such an audit in only a 
single statewide contest once every two years. As my report explains, this leaves the 
vast majority of elections and contests in Georgia vulnerable to QR code (and others) 
attacks, yet Dr. Gilbert says nothing about this threat. 

11. Instead, Dr. Gilbert focuses exclusively on a different threat: attacks that 
change both the QR codes and the ballot text. In addition to the barcode-only attacks 
I just discussed, my report demonstrates that Georgia’s BMDs can be manipulated 
so that both the barcodes and the printed text indicate the same fraudulent selections. 
No audit or recount can catch such fraud, because all records of the voter’s intent 
would be wrong. The only reliable way to detect it would be if enough voters 
carefully reviewed their ballots, noticed that one or more selections differed from 
their intent, and reported the problems to election officials, and if Georgia officials 
then discerned from the pattern of voter reports that the BMDs were systematically 


misbehaving. Thus, Dr. Gilbert is mistaken when he contends that the distinction 


between “voter-verifiable” and “voter-verified” paper ballots “only matters in 
principle” (17). All BMD ballots are potentially voter-verifiable, but unless enough 
BMD ballots are actually voter-verified, BMD-based attacks could alter election 
outcomes even in the rare instances where the State conducts a risk-limiting audit. 
And unless every BMD ballot is actually voter-verified, BMD-based attacks could 
alter individual voters’ selections without detection.. 

12. A large body of recent scientific evidence has established that few voters 
are likely to catch errors caused by malicious BMDs. I have reviewed this evidence 
in previous declarations.' It comes from both field observations (which report how 
long real voters review their ballots during real elections) and laboratory tests (which 
report the fraction of errors that subjects detect when voting on hacked BMDs in 
simulated elections). These methodologies are complementary, and results to-date 
from all studies of both kinds point to a low rate of voter-verification. 

13. Dr. Gilbert criticizes field observations because “‘[t]ime spent reviewing 
a ballot has little to do with whether it was actually verified” ({ 9). This claim is 
inconsistent with accepted election security principles. Of course, they are not 


exactly the same question, but obviously the time spent reviewing a ballot can 


' Halderman decl. (Dec. 16, 2019), Dkt. 682 at 23-33; Halderman decl. (Sept. 1, 
2020) Dkt. 855-1 at 6-8, 55. 


provide important insight into whether it was likely verified. For example, we can 
conclude that a voter who spends only a second or two reviewing a lengthy, 
complicated ballot is unlikely to have reliably verified each of their selections on the 
ballot. And of course, the same is true for a voter who spends no time at all reviewing 
their ballot. Review time is both practical to measure and clearly correlated with the 
error detection success, making it a valuable and relevant metric, as multiple studies 
confirm. 

14. Dr. Gilbert seems to contend, without evidence, that a casual glance is 
sufficient to review Georgia-style ballots because selections are printed together 
with party affiliations ({ 9). He cites no research (and I am unaware of any) that 
supports this conclusion, particularly when, as in Georgia, the party affiliations are 
printed in small type and in a different horizontal position for each contest. A real 
BMD ballot is reproduced on page 15 of my expert report. This is just one example 
of such a ballot; they can be longer and more confusing. Dr. Gilbert provides no 
basis for believing that voters would likely catch deliberate errors caused by 
compromised BMDs when voting such a ballot. 

15. Dr. Gilbert references my award-winning peer-reviewed study about 


voter verification behavior, which found very poor rates of error detection and 


reporting in a mock election using BMDs that my team hacked (§ 10).? He contends 
that my study “ignores the reaction to such manipulation in an actual election, 
particularly one as heated in the public domain as the 2020 Election.” ( 11). He 
does not explain how or why such circumstances would be expected to materially 
increase voter verification of their respective BMD ballots, nor does he cite any 
support for his claim to believe they would. And, just last week, the Atlanta Journal- 
Constitution obtained a study (under the Georgia Open Records Act) commissioned 
by the Secretary of State’s Office in which researchers from the University of 
Georgia observed Georgia voters during the November 2020 election and reported 
how long they spent reviewing their BMD ballots.* Although it appears the Secretary 
of State had this study at the time of Dr. Gilbert’s response to my report, he does not 
address or acknowledge it. The new study suggests that voters in the real world 
review their ballots even less carefully than voters in recent laboratory studies— 


despite the reminders election workers are supposed to give them to carefully review 


2 Matthew Bernhard, Allison McDonald, Henry Meng, Jensen Hwa, Nakul Bajaj, 
Kevin Chang, and J. Alex Halderman, “Can Voters Detect Malicious Manipulation 
of Ballot Marking Devices?” In 4/st IEEE Symposium on Security and Privacy 
(May 2020). Available at https://ieeexplore.ieee.org/document/9 152705. 

> Mark Niesse, “Under half of Georgia voters checked their paper ballots, study 
shows,” Atlanta Journal-Constitution (July 27, 2021). Available at 
https://www.ajc.com/politics/under-half-of-georgia-voters-checked-their-paper- 
ballots-study-shows/6HS VAHFOBRBDPODRZXLIBTUS64/. 


their ballots at the polling sites, which Dr. Gilbert emphasizes as a remedy for poor 
voter verification of BMD ballots.’ 

16. The University of Georgia researchers report that 20% of voters they 
observed did not check their ballots at all.° Only about 49% examined their ballots 
for at least one second, and only 19% did so for more than five seconds. This is 
significantly worse performance than observed in my study, which found that when 
voters were verbally prompted to review their ballots before casting them, as should 
occur in Georgia, 63% of voters reviewed their ballots for only two seconds or more, 
compared to 19-49% in the new study. 

17. This suggests that laboratory studies like mine tend to overestimate the 
rate at which real Georgia voters would detect errors on their BMD ballots. Since 


real Georgia voters were observed to review their ballots even less carefully than the 


4 Secretary Raffensperger appears to disagree with Dr. Gilbert about the value of 
measuring voter review time for assessing voter verification performance. He told 
the Atlanta Journal-Constitution that the new study “shows voters do indeed 
review their ballots for accuracy before casting them” and offers “proof the votes 
that were counted were for the candidates the voters intended.” (/d.). I agree that 
the new study provides valuable insights about voter behavior, but, contrary to the 
Secretary’s pronouncements, the results indicate that real Georgia voters are even 
less likely to detect errors caused by compromised BMDs than previous studies 
have suggested. 

5 Audrey A. Haynes and M.V. Hood III, “Georgia Voter Verification Study” 
(January 22, 2021). Available at https://s3.documentcloud.org/documents/ 
21017815/gvvs-report-11.pdf. 


participants in my study, it is reasonable to infer that real voters would catch an even 
smaller fraction of errors. The participants in my study who were similarly prompted 
to review their ballots caught 14% of errors. Therefore, real voters in Georgia are 
likely to catch substantially less than 14% of errors. 

18. How often would voters have to detect errors on their BMD ballots to 
effectively safeguard against attacks? The answer depends on the margin of victory, 
since an outcome-changing attack would need to change fewer votes in a close 
-contest. The model from my study shows that, given the margin of victory from the 
2020 Presidential contest in Georgia, voters would need to have detected 46% of 
errors for there to be even one error report per 1000 voters, under a hypothetical 
scenario where the election outcome had been changed by hacked BMDs.° The 
University of Georgia observations show that barely 49% of voters looked at their 
ballots for even a second, let alone studied them carefully enough to reliably spot 


errors. 


6 To reiterate, the November presidential race was the only state-wide contest 
subjected to a risk-limiting audit. In other contests, attackers could change the 
outcome by tampering with only the ballot QR codes, and voters would have no 


practical way to detect this manipulation regardless of how diligently they 
reviewed their ballots. 
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19. Dr. Gilbert performs a similar calculation using the baseline error 
detection rate measured in my study. He finds that an outcome changing attack on 
Georgia’s Presidential contest would have resulted in only 832 voters noticing that 
their BMD ballots showed the wrong selection. Dr. Gilbert suggests that there have 
not been such complaints from any voters, and says he finds it implausible that so 
many voters would have “simply not said anything or otherwise simply corrected 
their ballot and thought nothing of it then or since” (§ 12). 

20. This is an oddly constructed hypothetical, since Curling Plaintiffs do not 
claim here that the Presidential outcome was altered by hacking the BMDs. And 
Dr. Gilbert does not indicate any effort to determine the total number of spoiled 
ballots in Georgia’s Presidential contest, which he presumably could have explored 
with State Defendants. Neither does he provide any basis to believe there were only 
832 or fewer spoiled ballots. But suppose for the sake of argument that the 
Presidential election outcome in Georgia had been altered by hacking the BMDs, and 
there were complaints from the 832 voters that Dr. Gilbert has calculated. What then? 
It seems all but certain that these complaints would have been dismissed or drowned 
out in the cacophonous aftermath of the election or simply disregarded by election 
workers at the polling sites as voter errors. Yet the official count, the risk-limiting 


audit, and the recount would all have found the wrong winner, and there would be no 


way to recover any altered vote or correct the election outcome short of rerunning the 
election. With a mere 832 complaints among 5 million participating voters (amidst a 
sea of other complaints, real and imagined), it is unlikely that poll workers or election 
officials, including State Defendants, would realize or even suspected there was a 
systemic problem with the BMDs, and it is completely implausible that they would 
take the drastic but necessary step of asking Georgians to vote again. Georgia’s 
election system is susceptible to this extraordinary risk as long as it remains 
vulnerable to the attacks I described in my report (and potentially others). 

21. To get to the point of making a decision to rerun an election, State 
Defendants (among others, perhaps) would first need to know how many voters 
discovered a problem when verifying their ballots. As Dr. Gilbert points out, the 
number of spoiled BMD ballots provides an upper bound on the number of voters 
who discovered and corrected an error (T 12). He does not say how many spoiled 
ballots there actually were in November 2020. If State Defendants knew the number 
was less than 832, they likely would have shared this fact with Dr. Gilbert, and he 
would have stated it in his report. It is reasonable to infer that either there were more 
than 832 spoiled ballots (and the attack is plausible) or State Defendants do not know 


how many BMD ballots were spoiled during the election, eight months later, despite 
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what Dr. Gilbert acknowledges those ballots would suggest about the reliability of 
the election. 

22. That State Defendants may not know this information is consistent with 
gaps in other important election data that Georgia counties report to the Secretary of 
State. State Defendants recently produced electronic data (election projects) that I 
understand were required to be returned to them by counties after the November 
2020 and January 2021 elections. In both elections, a large fraction of counties failed 
to return any data, returned the wrong data, or omitted data necessary for assessing 
the security and integrity of the result, such as election databases or ballot images. 
More than six months after these elections, the Secretary of State has not been able 
to assemble these electronic records and has not indicated any effort or willingness 
to do so. Yet the only way that State Defendants could use the number of spoiled 
ballots as a defense against BMD-based cheating would be if the poll workers 
accurately tracked it, counties accurately aggregated it, and the Secretary’s Office 
received such data from across the state before the election result was determined. 
Even then, it is unlikely that the Secretary would be prepared to react by rerunning 
the election if the number of spoiled ballots exceeded the number predicted in an 


outcome-changing attack. 


14 


23. Given the ineffectiveness of such defenses and the critical security 
problems in Georgia’s BMDs, I (like Dr. Appel) recommend that BMDs be reserved 
for voters who need or request them, as is the case in most states. Dr. Gilbert 
responds by claiming, without evidence, that “[d]isabled voters are even less likely 
to identify an error on their printed ballot” ({ 14). I am unaware of any study that 
supports this sweeping indictment of voters with disabilities, which encompasses a 
vast array of disabilities that would not impact the ability of the voter to identify an 
error on their printed ballot in any way. He also contends that blind voters cannot 
detect errors on their ballot at all, but this is not true. Many blind voters use assistive 
technology to read printed text and likely could do so to verify their ballots. 
Moreover, only some voters who need BMDs are blind. For instance, those with 
motor impairments that prevent them from marking a ballot by hand would not 
necessarily have any greater difficulty verifying the printed text than any other voter. 
In any case, if BMDs are used primarily by voters with disabilities (as in most 


jurisdictions that use BMDs), they will represent a much smaller target,’ and an 


7 Although Dr. Gilbert cites a figure that would imply that 10% of Georgians who 
voted in 2020 were disabled, data from Maryland, where BMDs are available upon 
request, suggests that only about 1.8% of voters would request to use BMDs if they 
were offered a hand-marked ballot first. (Halderman decl., Aug. 19, 2020, Dkt. 
785-2 at 49.) Dr. Gilbert’s citation to the number of all Georgia voters with 
disabilities is highly misleading since, again, very few of those voters would be 
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outcome-changing attack on any given election will be detectable with a much lower 
rate of voter error detection than when all in-person voters use BMDs as they do in 
Georgia today. This in turn creates a strong disincentive for bad actors to attempt 
hacking an election (the risk likely is not worth the reward when the outcome is 
highly unlikely to be changed), which means individual votes would be less likely 
to be altered by hacking. 

24. In his only direct response to my expert report, Dr. Gilbert states that he 
is not aware that I have “provided equipment marred by ‘undetectable’ hacks to any 
other independent researcher” (1 15).8 This is a curious and ironic criticism coming 
from Dr. Gilbert, since he evidently chose not to evaluate my findings through an 
examination of the voting equipment himself, which he does not explain. Moreover, 
Dr. Gilbert misreads my report. It does not claim that malicious software infecting a 


BMD would be undiscoverable by any possible means. If an individual BMD is 


unable to vote on a hand-marked paper ballot, consistent with the number reported 
in Maryland. 

* Dr. Gilbert ignores that, as I understand it, State Defendants have objected to my 
report and the underlying work being shared with third parties (except Dominion), 
including other independent researchers, with whom I am eager to share my work 
for review. I am confident in my findings and believe they should be shared 
promptly with appropriate election security researchers and officials in an effort to 
mitigate the critical vulnerabilities in Georgia’s voting equipment that I describe. I 
invite Dr. Gilbert to join me in seeking State Defendants’ consent to do that. 
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known to contain malware, there will likely be some level of detailed forensic 
scrutiny that can detect where the malware is, perhaps requiring months of expert 
analysis per machine at extraordinary expense. It would be completely infeasible to 
perform this level of analysis on every machine before every election, much less 
between an election and the deadline for certification of its results. (And after 
manipulating ballots, malware could remove all traces of its presence from a 
machine, defeating any possible post-election examination of the device.) What my 
report shows is that vote-stealing malware of the type I have constructed would not 
be detected by any of the defenses that State Defendants purport to practice. I 
describe in detail how such malware would defeat QR code authentication, logic and 
accuracy testing, on-screen hash validation, and external APK validation (as was 
used by Pro V&V after the November election). Dr. Gilbert offers no rebuttal to 
these findings. He does not dispute them or even address them. 

25. Moreover, there is already an example of an “undetectable” attack 
entered into testimony: exploitation of the Drupal vulnerability discovered by Logan 
Lamb in the Center for Election Systems server. As Lamb attested, the developers of 
the primary tool for detecting this vulnerability stated that “[nJeither [the defensive 


tool] nor an expert can guarantee a website has not been compromised. They can only 


confirm with certainty a website has been compromised.” Furthermore, the Drupal 
developers state that any server running the vulnerable software after the initial 
disclosure of the vulnerability should be assumed to have been compromised unless 
it was patched within hours of disclosure. According to the timeline presented in 
Lamb’s declaration, he found the KSU server to be in a vulnerable state on August 
28, 2016, nearly two years after the initial announcement of the critical vulnerability 
(October 15, 2014).'° The KSU server image also contains evidence that a second 
vulnerability, the so-called Shellshock flaw, was exploited on December 2, 2014.!! 
This vulnerability was publicly disclosed more than two months earlier and widely 
publicized in the media as a critical vulnerability, yet the KSU server remained 
unpatched. 

26. An attacker who compromised the KSU server could therefore have 
maintained undetected access to the compromised server. Since the server remained 
in a vulnerable state undetected for almost two years, it is highly likely that it was 
successfully attacked at some point in time. An attacker who did so would have been 


able to move laterally to other systems within the CES network and to other 


? Lamb decl., Dkt. 258-1 at 19. 


10 See “Drupal Core - Highly Critical - Public Service announcement” (Oct. 29, 
2014), available at https://www.drupal.org/PSA-2014-003. 
'' Halderman deci. (Sept. 1, 2020) Dkt. 855-1 at 23. 
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components of Georgia’s voting system. As I have previously pointed out, many 
election system components that could have been compromised in this way are still 
in use in Georgia today, where they provide a means by which attackers could spread 
vote-stealing malware to the BMDs. 

27. Rather than address the many threats to Georgia’s voting system, 
Dr. Gilbert persists in drawing illogical comparisons between BMDs and hand- 
marked paper ballots. For instance, he questions why Plaintiffs have presented no 
research “regarding voters’ proclivity to review [hand-marked paper ballots] to 
ensure their ballots are marked and will count as intended” (T 8). Much like 
Dr. Gilbert’s earlier testimony that “[i]n essence, a BMD is nothing more than an 
ink pen,”'? one does not need expertise in election security to find fault with this 
reasoning. Preventing voters from making accidental mistakes is a completely 
different problem from preventing their selections from being deliberately and 
systematically changed by an attacker who has compromised the BMDs. There is 
abundant evidence that voters do sometimes make errors whether filling out a ballot 


by hand or by machine. Bad ballot design exacerbates this problem with both voting 


modalities, but following ballot design best practices can greatly reduce it. Both 


12 Gilbert decl., Dkt. No. 658-3 at 60. 
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BMDs and scanners that count hand-marked ballots can also be configured to reject 
overvotes and to warn voters about undervotes, the most common kinds of voter 
errors. Moreover, unlike older technologies for counting hand-marked ballots, the 
scanners used in Georgia (when properly configured) can detect improperly or 
incompletely marked bubbles and present them to human operators to adjudicate 
whether the marks should count as votes. Election officials can use all of these 
options to help protect voters from their own mistakes, but none of them offers 
protection against a BMD that deliberately changes the selections printed on a 
voter’s ballot (or those encoded in the ballot barcode). The central problem with 
Georgia’s highly vulnerable BMD system—that attackers can change all records of 
the voter’s intent without being detected by election officials—has no parallel in a 
hand-marked paper ballot system. 

28. Dr.Gilbert concludes as he started, with vague and sweeping 
generalities. “Simply put, BMD elections systems are no more insecure than [hand- 
marked] systems” ( 16). It is unclear whether he is claiming that all BMD systems 
are at least as secure as all hand-marked systems or merely that some specific BMD 
system (such as the one he recently developed himself to address some of the 
reliability problems that exist with Georgia’s BMDs) is at least as secure as some 


hand-marked system, but this is of little consequence. The only BMD system that is 
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relevant here is the Dominion ICX as used in Georgia. As my expert report details, 
Georgia’s BMD system suffers from numerous, severe vulnerabilities. These 
vulnerabilities would have little potential to change election outcomes if use of 
BMDs were limited to voters who need or request them, as Curling Plaintiffs desire, 
and they would be far less likely to affect the personal votes of individual Georgia 


voters. 


Reply to Declarations of Dr. Benjamin Adida 


29. The declarations by Dr. Adida that State Defendants have submitted 
predate my expert report, so Dr. Adida’s opinions are not informed by the critical 
vulnerabilities in Georgia’s BMD equipment that my analysis has revealed or by 
anything else in my lengthy, detailed report. Nor are they informed by any events 
that occurred in the year since he first provided these declarations, such as any aspect 
of the November 2020 election in Georgia or the Secretary of State’s study indicating 
that few voters verified their respective ballots in that election. 

30. Nevertheless, Dr. Adida’s first declaration is correct that “Running a 
risk-limiting audit is one of the most important advances states can take in improving 
election integrity—without an RLA, we are effectively trusting computerized 
scanners to count our paper ballots” (Dkt. 834-2 at § 5). This is true, but, as my expert 


report shows, without a risk-limiting audit Georgia is also trusting its critically 
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vulnerable BMDs to generate ballots with QR codes that correctly reflect voters’ 
selections. Obviously compromised BMDs and compromised scanners could change 
individual votes and election outcomes. But again, nothing suggests that Georgia’s 
scanners suffer from such easily exploitable critical vulnerabilities as the BMDs do. 

31. Dr. Adida and I also agree that RLAs are important for discovering 
whether compromised BMDs have manipulated enough ballot QR codes to change 
the outcome of an election (4 12). Although RLAs are, as Dr. Adida says, “of the 
utmost importance” (J 6), Georgia does not require an RLA in the vast majority of 
elections and the vast majority of contests, leaving both election outcomes and 
individual voters’ votes susceptible to manipulation via BMD malware. Additionally, 
it is insufficient for states to merely (in Dr. Adida’s words) “take meaningful steps to 
implement RLAs”; rather, states have to actually conduct reliable RLAs, which 
Georgia does not intend to do for the vast majority of its elections (or perhaps any of 
its elections, depending on the reliability of the audit procedures it implements). 

32. In his second declaration, Dr. Adida refers to a “dispute amongst 
academics regarding whether voters verify their ballots using ballot-marking 
devices” (Dkt. 912-1 at § 11). This statement reflects a misunderstanding of the state 
of research today. I am not aware of any scientific research that supports the 


proposition that Georgia voters would likely detect more than a small fraction of 
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errors caused by BMD malware. In contrast, the past two years have seen a wave of 
laboratory studies and multiple field observation studies addressing this question, all 
of which strongly indicate the opposite, that few voters carefully review their ballots 
and so the vast majority of errors caused by BMD malware would likely to go 
undiscovered and uncorrected. Although there once was uncertainty about whether 
most voters carefully verify their BMD ballots, there is no longer any serious 
scientific dispute that they do not. It is the hallmark of good science (and of good 
public policy) that it evolves based on new evidence, such as the University of 
Georgia study commissioned by the Secretary of State that I discussed above— 
which Dr. Adida has not addressed. 

33. Georgia’s election system needs to evolve as well. Due to the critical 
vulnerabilities in Georgia’s BMDs that are described in my expert report, Georgia 
voters face an extreme risk that BMD-based attacks could manipulate their 
individual votes and alter election outcomes. Even in the rare contests for which the 
State requires a risk-limiting audit, the scientific evidence about voter verification 
shows that attackers who compromise the BMDs could likely change individual 
votes and even the winner of a close race without detection. Georgia can eliminate 
or greatly mitigate these risks by adopting the same approach to voting that is 


practiced in most of the country: using hand-marked paper ballots and reserving 
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BMDs for voters who need or request them. Absent security improvements such as 
this, it is my opinion that Georgia’s voting system does not satisfy accepted security 
standards. Neither Dr. Gilbert nor Dr. Adida offers a contrary opinion in their 
respective declarations, instead ignoring the critical issue of whether the voting 
system used in Georgia—which neither claims to have examined—reliably protects 


the right to vote for individual Georgia voters. 


I declare under penalty of the perjury laws of the State of Georgia and the 
United States that the foregoing is true and correct and that this declaration was 


executed this 2" day of August, 2021 in Rushland, Pennsylvania. 


ZL 


. ALEX HALDERMAN 
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